Legal aspects to keep in mind building IoT solutions
I. Key aspects of business models for IoT
The Internet of things (IoT) is the network of devices such as vehicles, and home appliances that contain electronics, software, sensors, actuators, and connectivity which allows these things to connect, interact and exchange data[1]. By 2025 research and advisory companies expect to count more than 75 million of these devices connected to the internet globally[2].
Figure 1: Internet of Things (IoT) connected devices installed base worldwide from 2015 to 2025 (in billions)
Probably the remarkable increase of the IoT devices will be due to new services and their business models. It is not unlikely that a common ground of the business models in IoT will be data. Data at big scale generated by millions of sensors included in IoT devices and by billions of interactions or transactions between IoT devices (m2m) or between devices with human end users.
Predictive maintenance service based upon verified and reliable data is a business model example we already know. There will be thousands more.
Blockchain as secure immutable ledger for transactions could be the adhesive layer between technologies like artificial intelligence and big data. Transparency and trust stick all parts of the business model together. But it is also necessary that new technologies comply applicably with the legal framework applicable.
Therefore, after a short description of a typical blockchain architecture for an IoT application, the article will discuss the legal framework. The questions about the operation of the solution and data ownership will be dealt with in within more detail.
II. Architecture and solution need to comply with the legal framework
A typical technology stack of a blockchain solution would start with the trivial need of servers as basis for the peer to peer network, a decentral server infrastructure. Next, there would be the blockchain protocol providing an efficient method of documenting transactions in a verifiable and permanent way.
The storage and data layer is the next building block and the basis upon smart contracts execute their programmed orders. The so-called social layer is the core of the decentralized economy functions consisting of social, asset tracking, reputation, identity and comms. Decentralized Applications (dApps) contribute the user experience.
Figure 2: Typical Technology Stack of a Blockchain Solution for IoT and a rough sketch of the legal framework
Each solution for IoT and its business model needs to comply with the legal framework. The first question in this context is to clarify which legal framework is relevant. Laws are almost a national issue. There are international treaties defined by the 1969 Vienna Convention on the Law of Treaties like the WIPO Copyright Treaty from 1996 or supranational legal environments like the European Union being able to set certain legal conditions like the General Data Protection Regulation (GDPR).
Once clarified the relevant market and the linked local law questions like “Do we process personal data?”, “Are there any specific regulations?”, “Does our business model include coins or tokens?”, “Who needs to be the owner of the data and the results achieved through the analysis of it?” The answers of the legal should be reflected properly in the solution and its underlying business processes in an early stage.
One of the most critical regulations for blockchain use cases is the GDPR since, for example, the right to deletion of personal data is antagonistic truly to the underlying principle of permanent, immutable storage of the transactions and the data on the blockchain. Therefore, the provider of the solution should look very carefully which data in in which form really needs to be stored on the blockchain to provide the vital adhesive effect to the other components in the stack of the solutions. Maybe, instead of the data it would be sufficient to store the hash of that information as proof.
However, besides of the GDPR as well to other key topics need to be resolved. Among these are the questions: Who provides the solution? And who has the ownership of the data and the results generated based upon it?
…to be continued: The contribution continues with a second part, in which the author will deepen the questions about the operator model of the block chain solution and data ownership
The Author
Kristian Borkert is the founder of the law firm JURIBO Legal & Consulting. His mission is to simplify digital value creation and enhance its security. His focus is on agile matters, blockchain and IT sourcing.
For almost 10 years Kristian Borkert is working in national and international projects related to information technology and data protection law. His expertise areas include IT and business process outsourcing, SLA, software licensing, software project agreements, data protection agreements and other IT sourcing related topics.
He is particularly interested in agile methods such as Scrum or Kanban, collaboration models and blockchain. He is an active member of blockLAB Stuttgart, Co-Author of the Blockchain Strategy for Baden Württemberg and Co-Creator of the Blockchain Compass.
[1] Wikipedia https://en.wikipedia.org/wiki/Internet_of_things
[2] See statista https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/